Novinite reports: The Ransomhouse hacker group has claimed responsibility for stealing data from the Supreme Administrative Court’s information systems. The group published documents, including lists of employee names, personal data, and leave applications, as evidence of the breach, according to cybersecurity website Questona. Along with the leaked documents, the hackers addressed the court’s management with a message urging them to make contact….
No need to hack when it’s leaking, Thursday edition: DM Clinical Research
Another day, another massive leak. Researcher Jeremiah Fowler reports that he found unsecured data with 1,674,218 records belonging to DM Clinical Research. DM Clinical Research is a Texas-based network of more than 24 multi-therapeutic clinical trial sites involved in research on vaccines, internal medicine, pediatrics, gastroenterology, psychiatry, neurology, women’s health, and more. DM Clinical Research’s…
Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors
Marine Pichon and Alexis Bonnefoi of Orange Cyberdefense report: Last year, Orange Cyberdefense’s CERT investigated a series of incidents from an unknown threat actor leveraging both ShadowPad and PlugX. Tracked as Green Nailao (“Nailao” meaning “cheese” in Chinese – a topic our World Watch CTI team holds in high regard), the campaign impacted several European organizations, including in the healthcare vertical, during…
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger
Dan Black of Google’s Threat Intelligence Group writes: Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia’s intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government…
FBI and CISA Warn of Ghost Ransomware
Waqas reports: A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) reveals the ongoing threat of Ghost ransomware, also known as Cring. Active since early 2021, this group, operating out of China, has targeted organizations in over 70 countries, impacting…
Medusa ransomware gang demands $2M from UK private health services provider
Iain Thomson reports: HCRG Care Group, a private health and social services provider, has seemingly fallen victim to the Medusa ransomware gang, which is threatening to leak what’s claimed to be stolen internal records unless a substantial ransom is paid. Previously known as Virgin Care and now owned by Twenty20 Capital, HCRG runs child and…